[erlang-questions] Erlang Crypto R16+ and Centos 6.4+ incompatibility

Tue Dec 17 15:52:54 CET 2013

Hi,

----- Original Message -----
> Yeah, I see
> Seems like the latest openssl does not announce anymore elliptic curves which
> are not supported.

No, that is Centos/Redhat stupidity. OpenSSL by default does EC, but Redhat choose
to disabled EC so that the NSA can better spy on you.

Andreas

> And crypto fails to start even if it does not use these
> curves.
> I'd say this is quite serious problem, as about half of cheap VPS/Dedicated
> servers are run on Centos - this is the only distro supported by CPanel
> afaik. Suddenly as more and more hosting companies start roll on the latest
> Centos, their clients will not be able to use recent erlang with crypto no
> more.
> 
> I think crypto should be patched so that it could be started even if some
> functionality from openssl is not available.
> 
> 
> вторник, 17 декабря 2013 г., 4:20:48 UTC+4 пользователь Matt Lewandowsky
> написал:
> 
> 
> 
> 
> The RHEL OpenSSL changes have been a subject of conversation on a variety of
> lists lately.
> 
> 
> 
> http://rhn.redhat.com/errata/RHBA-2013-1751.html is (I believe) the
> appropriate errata for what you are seeing and Red Hat’s current packages
> should correct it. If CentOS has the same packages as what is available via
> RHN, it might be interesting to know what happens if you roll back your
> OpenSSL package a month or so (to before the FIPS changes). It’s entirely
> possible that there are still issues which need RH Bugzilla entries.
> 
> 
> 
> I haven’t built Erlang on an RHEL 6 clone since the OpenSSL changes have
> occurred. However, crypto seemed to work fine the last time I did. (I’d say
> about 6 weeks ago.)
> 
> 
> 
> --Matt
> 
> 
> 
> --
> 
> Matt Lewandowsky
> 
> Big Geek
> 
> Greenviolet
> 
> ma...@REDACTED http://www.greenviolet.net
> 
> +1 415 578 5782 (US) +44 844 484 8254 (UK)
> 
> 
> 
> 
> From: erlang-quest...@REDACTED [mailto: erlang-questions-bounces@REDACTED
> ] On Behalf Of John Doe
> Sent: Monday, 16 December, 2013 14:39
> To: erlang-q...@REDACTED
> Subject: [erlang-questions] Erlang Crypto R16+ and Centos 6.4+
> incompatibility
> 
> 
> 
> 
> 
> At the moment it is impossible to run crypto app from Erlang R16+ on recent
> Centos versions (6.4 or newer) and likely on newer versions of Fedora and
> RHEL as well.
> 
> 
> openssl 1.0.1 is installed.
> 
> 
> 
> 
> 
> Unable to load crypto library. Failed with error:
> 
> 
> "load_failed, Failed to load NIF library: 'crypto.so: undefined symbol:
> EC_GROUP_new_curve_GF2m'"
> 
> 
> 
> 
> 
> 
> 
> 
> Crypto from R15B03 works with no problems
> 
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
> 

-- 
-- 
Dipl. Inform.
Andreas Schultz